FreeBSD -- rpcbind(8) remote denial of service [REVISED]
In rpcbind(8), netbuf structures are copied directly,
which would result in two netbuf structures that reference
to one shared address buffer. When one of the two netbuf
structures is freed, access to the other netbuf structure
would result in an undefined result that may crash the
A remote attacker who can send specifically crafted
packets to the rpcbind(8) daemon can cause it to crash,
resulting in a denial of service condition.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright